Export limit exceeded: 335730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9511 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52549 | 2 Jenkins, Redhat | 2 Script Security, Ocp Tools | 2025-10-10 | 4.3 Medium |
| Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | ||||
| CVE-2024-44069 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | 7.5 High |
| Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear. | ||||
| CVE-2023-45793 | 1 Siemens | 1 Siveillance Control | 2025-10-10 | 5.5 Medium |
| A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. | ||||
| CVE-2017-6369 | 1 Firebirdsql | 1 Firebird | 2025-10-10 | 8.8 High |
| Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | ||||
| CVE-2025-51308 | 1 Gatling | 1 Gatling | 2025-10-09 | 5.3 Medium |
| In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks. | ||||
| CVE-2025-3719 | 1 Nozominetworks | 2 Cmc, Guardian | 2025-10-09 | 8.1 High |
| An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or affecting its availability. | ||||
| CVE-2025-11439 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 4.3 Medium |
| A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named 11d97d78f2de2cb49f79baed6bde8b611ec1f384. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-11438 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 6.3 Medium |
| A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is beb153ce52dceb971c1518f98333328c95f1ba20. It is best practice to apply a patch to resolve this issue. | ||||
| CVE-2025-11442 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 4.3 Medium |
| A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor has stated that API calls require authentication through Authorization Bearer Tokens, so classic CSRF attacks do not apply here. An attacker would need to possess the JWT through means such as XSS which were mitigated, disabling any form of initial access. | ||||
| CVE-2025-3257 | 1 Xujiangfei | 1 Admintwo | 2025-10-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52551 | 3 Jenkins, Jenkins Project, Redhat | 3 Pipeline\, Jenkins Pipeline Declaratrive Plugin, Ocp Tools | 2025-10-08 | 8 High |
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | ||||
| CVE-2025-11239 | 1 Knime | 1 Business Hub | 2025-10-08 | 4.3 Medium |
| Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present). | ||||
| CVE-2025-59826 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2025-10-08 | 7.6 High |
| Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0. | ||||
| CVE-2025-59827 | 2 Flagforge, Flagforgectf | 2 Flagforge, Flagforge | 2025-10-08 | 9.8 Critical |
| Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrative roles. This issue has been patched in version 2.2.0. | ||||
| CVE-2025-59714 | 1 Internet2 | 1 Grouper | 2025-10-08 | 6.5 Medium |
| In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs. | ||||
| CVE-2025-49641 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 4.3 Medium |
| A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems. | ||||
| CVE-2025-27236 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 6.5 Medium |
| A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to. | ||||
| CVE-2025-4975 | 2025-10-08 | N/A | ||
| When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. | ||||
| CVE-2025-11029 | 2 Givanz, Vvveb | 2 Vvveb, Vvveb | 2025-10-07 | 4.3 Medium |
| A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the code to github and make a new release." | ||||
| CVE-2024-42434 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-10-07 | 4.9 Medium |
| Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. | ||||